Slashdot Mirror


WordPress Hacked, Attackers Get Root Access

An anonymous reader writes "A hacker has gained access to WordPress.com servers and site source code was exposed including passwords/API keys for Twitter and Facebook accounts. From the official blog post: 'Automattic had a low-level (root) break-in to several of our servers, and potentially anything on those servers could have been revealed. We presume our source code was exposed and copied. While much of our code is Open Source, there are sensitive bits of our and our partner's code. Beyond that, however, it appears information disclosed was limited.'"

10 of 168 comments

  1. the cloud by stoolpigeon · · Score: 5, Insightful

    and that's why I don't want everything in the cloud.

    --
    It's hard to believe that's how Micronians are made. Why don't we see it right now by having you both kiss one another?
    1. Re:the cloud by zill · · Score: 4, Insightful

      Care to point out how "the cloud" is involved in this case? Nowhere in the summary or TFA does it mention that the compromised servers were cloud-based.

    2. Re:the cloud by lennier1 · · Score: 5, Informative

      wordpress.COM is a hosting service which offers WordPress blog setups out-of-the-box.
      wordpress.ORG is where the software itself is published.

    3. Re:the cloud by Zapotek · · Score: 4, Insightful

      Isn't it obvious? Because the impact of hacking a server containing data from thousands of users is FAR greater than hacking a single desktop.
      That's why the parent is right.

    4. Re:the cloud by Anonymous Coward · · Score: 4, Insightful

      It does seem that "the cloud" simply means, to most people, "storage and apps on the web". With that common definition I'd have a hard time seeing how it wasn't cloud based. In fact, that's probably why they were hacked. The hackers were looking for that silver lining that every cloud has.

    5. Re:the cloud by stoolpigeon · · Score: 5, Insightful

      I never said I didn't want "anything" in the cloud. In fact the word I used was "everything". I also placed that word in italics to emphasize that I meant some things I would rather maintain on my own machines, but not all things.

      One of us has rather poor reading skills. That may be the one that is "moronic".

      Furthermore, you have no idea what I do or where most of it takes place. To assert that you do is, well, rather short sighted. One might almost be inclined to say moronic.

      And to decide that the security of one's data is properly handled should be a matter of luck. There has to be a good word for that view, let me think on it a bit and I'm sure it will come to me.

      Oh, and if being called moronic makes you feel bothered at all, I'd recommend keeping that in mind when you throw the word at others. I'm no rocket scientist but that kind of slur really isn't called for.

      --
      It's hard to believe that's how Micronians are made. Why don't we see it right now by having you both kiss one another?
  2. Facebook? Twitter? by Jeremiah+Cornelius · · Score: 5, Insightful

    The WordPress devs promoting integration with Facebook is like handing Sweeney Todd the razor and saying "Shave away, whatever you like."

    It starts with FB managing the identities and next, the discussion threads, and slowly creeps throughout - until WP is a hollow frame on which to drape FB parts.

    Eviler than Google. And that's saying a lot.

    --
    "Flyin' in just a sweet place,
    Never been known to fail..."
  3. beyond that... by hxnwix · · Score: 4, Funny

    They stole everything, but, "beyond that, however, it appears information disclosed was limited."

  4. Re:Saw some unusual activity this week by v1 · · Score: 4, Insightful

    I guess I better change it again just to be safe. Mine is definitely not in the dictionary or guessable so I'm not too worried unless they can decrypt the password file. I would hope they encrypt their password file.

    If they raided the entire fridge, even if it was encrypted, they'd have the keys and thus all the passwords on a silver platter.

    I think what you meant to say is you hope the passwords were hashed.

    --
    I work for the Department of Redundancy Department.
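
The encrypted-versus-hashed distinction in v1's comment above, as an added example (not part of the original thread): with root access an attacker holds both the password file and its key, so encrypted passwords come back in full, while a salted, slow hash has no key to take. `_toy_cipher`, the sample accounts and the iteration count are assumptions made for the demo; the toy cipher stands in for real encryption.

```python
import hashlib
import hmac
import os

# Constructed sample accounts; names and passwords are made up for this example.
USERS = {"alice": "correct horse battery", "bob": "Tr0ub4dor&3"}
ITERATIONS = 200_000  # assumed PBKDF2 work factor for the demo

def _toy_cipher(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Reversible stand-in for real encryption (SHA-256 keystream XOR).
    Illustrative only: it shows reversibility, it is not a vetted cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def store_encrypted(users: dict, key: bytes) -> dict:
    """Password file protected by encryption: (nonce, ciphertext) per account."""
    db = {}
    for name, password in users.items():
        nonce = os.urandom(16)
        db[name] = (nonce, _toy_cipher(key, nonce, password.encode()))
    return db

def read_with_key(db: dict, key: bytes) -> dict:
    """Anyone holding the file and the key gets every plaintext back."""
    return {n: _toy_cipher(key, nonce, ct).decode() for n, (nonce, ct) in db.items()}

def store_hashed(users: dict) -> dict:
    """Password file protected by salted, slow hashing: (salt, digest) per account."""
    db = {}
    for name, password in users.items():
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
        db[name] = (salt, digest)
    return db

def verify_hashed(db: dict, name: str, candidate: str) -> bool:
    """Login check: re-derive from the candidate and compare in constant time."""
    salt, digest = db[name]
    attempt = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, ITERATIONS)
    return hmac.compare_digest(attempt, digest)

if __name__ == "__main__":
    key = os.urandom(32)  # on a rooted server this key sits next to the file
    print(read_with_key(store_encrypted(USERS, key), key))
    hashed = store_hashed(USERS)
    print(verify_hashed(hashed, "alice", "correct horse battery"),
          verify_hashed(hashed, "alice", "wrong guess"))
```

The hashed store has no counterpart to `read_with_key`: the service itself can only check a candidate, which is why a stolen hash file still leaves each password to be guessed individually.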
  5. What have I learned here? by __aayuzx6098 · · Score: 4, Interesting

    If large, well-funded companies, even those that specialize in security (!), or whose business depends upon keeping their proprietary info safe, cannot keep their servers secure, what chance does a Mom and Pop operation like mine have?

    This year I spent 4 weeks studying the OS X Server Security Config (400 pp.), and implementing those recommendations. I've looked at best practice guides for all the underlying FOSS tools I use. I monitor logs.

    But it seems never enough to keep out a determined, skilled hacker. Do I despair? Give up? What lessons can I take from this?